Software developers can use agile software development methods to build secure information systems. Current agile methods have few (if any) explicit security features. While several discrete security methods (such as checklists and management standards) can supplement agile methods, few of these integrate seamlessly into other software development methods. Because of the severe constraints imposed by agile methods, these discrete security techniques integrate very poorly into agile approaches. This article demonstrates how the security features can be integrated into agile methods.